Setting Up TLS Security

Note –

The security database files must be readable by everyone. Do not
include any private keys in the key3.db.

If using TLS, the necessary security databases must be installed. In
particular, the certificate and key database files are needed. For example,
if you adopt the older database format from Netscape Communicator, two files, cert7.db and key3.db, are required. If
you use the newer database format from Mozilla, three files, cert8.db, key3.db and secmod.db, are needed. The cert7.db or cert8.db file contains the trusted certificates.
The key3.db file contains the client's keys. Even if
the LDAP naming service client does not use client keys, this file must be
present. The secmod.db file contains the security modules,
such as the PKCS#11 module. This file is not required if
the older format is used.

Note –

Before running ldapclient, you should set up
and install the needed security database files described in this section.

For information on how to create and manage these files, see the section about configuring LDAP clients to use SSL in the “Managing
SSL” chapter of the Administrator's Guide for the version of Sun Java System Directory Server you
are using. Once configured,
these files must be stored in the location expected by the LDAP naming services
client. The attribute certificatePath is used to determine
this location. By default it is /var/ldap.

For example, after setting up the necessary cert7.db and key3.db files using Netscape Communicator,
copy the files to the default location, /var/ldap.

While Netscape manages the cert7.db and key3.db files in the $HOME/.netscape directory,
Mozilla manages its cert8.db, key3.db and secmod.db files in a subdirectory under $HOME/.mozilla. Copies of these security databases must be stored on a local file
system if you are using them for an LDAP naming services client.
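The following script is an added example, not part of the Solaris documentation above. It carries out the procedure described in this section: it detects which database set a source directory holds (the older cert7.db/key3.db pair or the newer cert8.db/key3.db/secmod.db set), copies the files to the directory named by certificatePath, makes the copies readable by everyone as the note at the top requires, and then verifies the result. The function names, the use of a source directory argument in place of $HOME/.netscape or $HOME/.mozilla, and the destination argument in place of /var/ldap are assumptions for the example; it checks file layout and permissions only, not the contents of key3.db.

```shell
#!/bin/sh
# Added example: stage NSS database files into the certificatePath
# directory and verify what the guide requires. Not the Solaris guide's code.

# install_ldap_certdb SRC_DIR DEST_DIR
#   Copies whichever complete database set exists in SRC_DIR into DEST_DIR
#   and makes the copies readable by everyone. Returns 1 when neither the
#   older (cert7.db, key3.db) nor the newer (cert8.db, key3.db, secmod.db)
#   set is complete. SRC_DIR and DEST_DIR are assumed arguments; on a real
#   client DEST_DIR would be the certificatePath value, /var/ldap by default.
install_ldap_certdb() {
    src="$1"; dest="$2"
    if [ -f "$src/cert8.db" ] && [ -f "$src/key3.db" ] && [ -f "$src/secmod.db" ]; then
        files="cert8.db key3.db secmod.db"
    elif [ -f "$src/cert7.db" ] && [ -f "$src/key3.db" ]; then
        files="cert7.db key3.db"
    else
        echo "no complete certificate/key database set in $src" >&2
        return 1
    fi
    mkdir -p "$dest" || return 1
    for f in $files; do
        # Remove any stale read-only copy first so the copy is repeatable.
        rm -f "$dest/$f"
        cp "$src/$f" "$dest/$f" || return 1
        # The naming service runs on behalf of unprivileged users, so every
        # database file must be world-readable; nobody needs write access.
        chmod 0444 "$dest/$f" || return 1
    done
    return 0
}

# check_ldap_certdb DIR
#   Verifies that DIR holds a complete database set and that each file is
#   readable by everyone. Prints "netscape" (cert7.db set) or "mozilla"
#   (cert8.db set) on success; returns 1 otherwise.
check_ldap_certdb() {
    dir="$1"
    if [ -f "$dir/cert8.db" ]; then
        set -- cert8.db key3.db secmod.db; kind=mozilla
    elif [ -f "$dir/cert7.db" ]; then
        set -- cert7.db key3.db; kind=netscape
    else
        echo "no certificate database found in $dir" >&2
        return 1
    fi
    for f in "$@"; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing required file $dir/$f" >&2
            return 1
        fi
        # find -perm -004 matches only when the "other" read bit is set.
        if [ -z "$(find "$dir/$f" -perm -004)" ]; then
            echo "$dir/$f is not readable by everyone" >&2
            return 1
        fi
    done
    echo "$kind"
    return 0
}
```

Run it as `install_ldap_certdb "$HOME/.netscape" /var/ldap && check_ldap_certdb /var/ldap` before invoking ldapclient; the check function is also useful on its own when diagnosing a client that fails to start TLS, since a missing secmod.db with a cert8.db or a key3.db left at mode 0600 after a manual copy are both reported.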